How to config rsyslog on Fedora 10 to collect the log from Cisco ASA5510 ?

As a router / firewall engineer 16 months ago I knew nothing about Linux. To be fair, at the time I really couldn't give a hoot about anything Linux / Unix based. It was all about the next Cisco certification. I used completely the wrong distro of Linux to use as a syslog server then. Yes it was Fedora 10, and the reason I picked it was because my girlfriend lived in Cambridge at the time. Since then I've learned a huge amount, and I still know nothing - but you know what, I actually care about my operating system now.

Yes, you are using the wrong operating system, but you, like me 16 months ago, don't care. You will learn, and I hope you have as much fun learning as I still am. =) We all need somewhere to start, so:

Replace the X.X.X.X with the IP address of the Fedora server. Hopefully you've worked out how to nail down a fixed IP address with Fedora - took me some time, the default was DHCP when I installed. It's not as *pretty* as the "show interface ip brief", but "ifconfig" will give you the IP address if you haven't worked that out.

Now, most guides out there tell you to modify your rsyslog config. I don't remember having to do this - and it worked... A file to check if you are having trouble is /etc/rsyslog.conf. This file should have these lines looking like this:

Code:

$ModLoad imudp.so
$UDPServerRun 514

If you have a # in front of them they are "commented" out, so they will need removing. If you do need to change this file, then rsyslog will need restarting to apply this:

Code:

service rsyslog restart

A couple of checks for syslog (and good for fault-finding it) are: first see if it is running:

Code:

ps aux | grep -i rsyslog

You'll see the "grep" line and hopefully syslog running.

What you'll also want to check is to see if Fedora is listening for syslog messages. You can check to see if it's *listening* to the syslog messages by running:

Code:

netstat -an | grep 514

514 as you'll know is the port number for syslog messages.

The final thing that can cause problems is the firewall within Fedora. This is known as iptables; it's a mild pain to get your head around, but it is a solid firewall the more you learn about it =) The way to check this is to run this command:

Code:

more /etc/sysconfig/iptables

A line you're looking for is:

Code:

-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

If that is all there - then you should be able to see the syslog messages in the log file. You can read this using the command:

Code:

more /var/log/messages

A really useful command when setting up syslog for the first time is to have a terminal open with this command running:

Code:

tail -f /var/log/messages

It updates dynamically in real time - great to see when the first messages start rolling in. =) Think of it in Cisco command terminology as having "term mon on".

Sure there is a whole lot more that you can do with syslog and where those files go. This will hopefully get you started. If you are in the same place I was 16 months ago with no-one to help you learn, good luck. It ain't an easy road, but seriously satisfying - I seem to get more job satisfaction playing in Linux than with Cisco kit now. If you are as new to Linux as I was, I'd honestly look at Ubuntu as an operating system. Not telling you it's a perfect distro - but their community has been really good to me as a Linux virgin with lots of daft questions. That to me has been the biggest factor in sticking with Linux, rather than an ideal supported distro.
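The checks walked through in the post (imudp lines uncommented in rsyslog.conf, the UDP 514 ACCEPT rule in the iptables file, rsyslog running and bound to 514), wrapped into a small POSIX sh script as an added example that is not part of the original post. The function names are mine and the config files it runs against here are constructed samples; on the server you would point the same functions at /etc/rsyslog.conf and /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example (not from the original post): the post's checks as functions.
# The config checks take a file path, so they run against the constructed
# samples below as well as against the real files in /etc on the server.

# 0 when "$ModLoad imudp" and "$UDPServerRun 514" are both present and
# not commented out in the rsyslog.conf given as $1; names what is missing.
check_rsyslog_conf() {
    conf="$1"; rc=0
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp(\.so)?[[:space:]]*$' "$conf" \
        || { echo "$conf: \$ModLoad imudp missing or commented out"; rc=1; }
    grep -Eq '^[[:space:]]*\$UDPServerRun[[:space:]]+514[[:space:]]*$' "$conf" \
        || { echo "$conf: \$UDPServerRun 514 missing or commented out"; rc=1; }
    return $rc
}

# 0 when the iptables rules file $1 has an INPUT ACCEPT for UDP port 514.
check_iptables_rules() {
    grep -Eq '^-A INPUT .*-p udp .*--dport 514 .*-j ACCEPT' "$1"
}

# The two live checks from the post: process running, something bound to 514.
check_live() {
    ps aux | grep -iq '[r]syslog' || { echo "rsyslogd is not running"; return 1; }
    netstat -an 2>/dev/null | grep -q ':514 ' || { echo "nothing bound to port 514"; return 1; }
}

# Constructed sample files: a good rsyslog.conf, one with the lines still
# commented out, and an iptables file carrying the rule the post shows.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rsyslog-good.conf" <<'EOF'
$ModLoad imuxsock.so
$ModLoad imudp.so
$UDPServerRun 514
EOF
cat > "$SAMPLE_DIR/rsyslog-bad.conf" <<'EOF'
$ModLoad imuxsock.so
#$ModLoad imudp.so
#$UDPServerRun 514
EOF
cat > "$SAMPLE_DIR/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
check_rsyslog_conf "$SAMPLE_DIR/rsyslog-good.conf" && echo "good conf: OK"
check_rsyslog_conf "$SAMPLE_DIR/rsyslog-bad.conf"  || echo "bad conf: needs fixing"
check_iptables_rules "$SAMPLE_DIR/iptables"        && echo "iptables: UDP 514 open"
```

Run check_live on the server itself to cover the ps and netstat steps; it is not exercised against the sample files.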